Access Control System and Method for Use by an Access Device

ABSTRACT

Systems and methods are provided to allow a smart phone or any terminal to activate a door lock using a web site or server computer system. An access control system is provided that includes a server and an access device. The access device includes a processor and a communication module. The process has control of a door lock and is able to receive a reservation certificate presented by a portable terminal through the communication module. The processor activates the door lock when a current reservation certificate has been presented.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of U.S. patent application Ser. No.14/603,434, filed Jan. 23, 2015, which is a continuation of U.S. patentapplication Ser. No. 13/582,467, filed Sep. 4, 2012, now U.S. Pat. No.8,996,879, which is a national stage application of PCT Application No.PCT/US11/26781, filed Mar. 2, 2011, which claims the benefit of U.S.Provisional Patent Application No. 61/309,813, filed Mar. 2, 2010. Allof the above mentioned applications are incorporated by reference hereinin their entireties.

INTRODUCTION

Electric vehicles are rapidly gaining in popularity. With these electricvehicles, charge points, or chargers where the vehicle can charge itsbatteries, will also become ubiquitous. The simplest charger is simply akiosk or charge station that a vehicle can plug into and charge. A feeor other access may be required to use this kiosk. In other situations,vehicles will be able to be charged at parking facilities, parkingmeters and even street lamps. Other electronic access devices such ashotel room locks and the like are also gaining in popularity.

A major problem with a random collection of charge stations is that adriver needing charge may have no idea exactly where to find a chargingstation that can charge his vehicle using the correct voltage andcurrent, and may have no convenient way to reserve a place or makepayments for this service. Of course, kiosks and the like can acceptcredit cards much like gas pumps; however, there still remains theproblem of reservations and correct charging parameters.

Use of the Internet for almost everything has also become very common tomany people today. A large percentage of fungible goods today arepurchased directly from merchants over the Internet. It would be verydesirable to have an easily accessed website that could providereservation services for charges, including directions to the locationof a specific charger and could provide correct charging parameters tothat charger. This website could interact with a user's cellulartelephone to provide an electronic token or certificate that could betemporarily stored in the phone that could be passed on to an accessdevice such as a vehicle charger, hotel room lock or other access systemto allow access and provide any necessary parameters.

Burger in U.S. Published Patent Application number 2010/0031043 teachesa portable electronic authorization method for enabling a user interfaceon a computer operated by a user to cause the memory content of anelectronic device distinct from the computer to be modified. Burgerteaches using RFID tags to replace each typical document found in aperson's wallet or purse. Burger fails to teach enabling a charger foran electronic vehicle.

It would be advantageous to have a system and method of reserving anelectrical vehicle charger on a web page and then transferring a tokenor certificate to a cellular telephone which could then further transferthis token to the charger to authorize charging.

SUMMARY OF THE INVENTION

The present invention relates to the use of a web site and a cellulartelephone, preferably a smart phone, to reserve and activate an electricvehicle charger or to activate and allow access to any access devicesuch as a hotel room lock or the like. The web site can be generalaccess or restricted access and can allow a user using a browser from acomputer, laptop, web-capable cellular telephone, smart phone or anyelectronic processing device to place a reservation for a particularcharger at a particular time window. A server or server computer nothosting a website can also interface directly with a telephoneapplication. The server, or another server, can then transfer a digitaltoken or certificate, which may be wholly or partially encrypted, to thecellular telephone. This certificate may comprise a unique ID and/or adate/time stamp.

The certificate generally has an ID referring to the final access device(for example, a charger), or is encoded in such a way that only thefinal access device can read and/or verify the message (e.g., thecertificate may be encrypted with or signed with a public key for thefinal access device); whereby the final access device can recognize thatthe certificate is intended for it. The certificate generally has astart time and duration (or end time), describing the interval duringwhich the final access device has been reserved. Additional options mayalso be included.

The certificate can also contain a digital authorization (for example, adigital signature) so that the final access device can verify that thecertificate is genuine. Each charger or other access device in aparticular system may have a unique ID, which can be changed forsecurity.

The certificate can also contain this charger or device ID as well asother information such as approximate time when charging should begin(the reservation time), and the charging parameters.

If a wireless device, such as a laptop or smart phone, is used to carrythe certificate, it can be running an application that turns onshort-range wireless capability as the reservation time approaches. Forsimplicity in the following discussion, the term smart phone' is used,but will be understood to include any portable computer or PDA, having awireless communication ability.

As the smart phone approaches the charger or access device, a wirelessconnection is made (e.g., via Bluetooth™, Zigbee™, or IRDA);notification may be provided to the user of the device's proximity; andthe wireless device sends the digital token or certificate to thedevice. The device can be optionally Internet enabled; however, it doesnot have to necessarily be. In fact, the present invention isparticularly useful for devices that may generally be Internetconnected, but for which the connection is unreliable, for example, forchargers employing Wi-Fi connection in a garage or private residence. Insuch cases, an inopportunely placed truck may block communication, or aweakly secured or informally managed modem and/or router may not providea sufficiently reliable communication. When the device sees its currentunique ID on the received certificate or if the device's private key isusable to decrypt at least a portion of the received certificate, and ifthe reservation time from the certificate approximately agrees with itsinternal time-of-day/date clock, the device can allow charging.Communication with the smart phone may also include a message as to thesmart phone's own clock-calendar, which may be taken into account foradjusting the clock of the device (as the smart phone may have had morerecent connection to an authoritative time source.)

The incoming digital certificate can contain a new, updated unique IDfor that charger or access device to assume. Upon assuming the new ID(after charging is complete or access is allowed), the old ID is nolonger valid. This prevents hacking or spoofing the device by trying touse the same certificate twice (say by changing the date/time). Thecertificate can also contain a new encryption decoding key for the nextuse. This prevents any decoding of an old or used token or certificate.In this case, since the transaction may not take place (for example, thecustomer could not find the charger), it is possible for the state ofthe charger to become ambiguous. It is possible to issue reservationswith both the old certificate and the new certificate presentsimultaneously.

Funds transfer for the access service can be made by the website at thetime of reservation from a user's account, from a money transfer servicelike PAYPAL™ or by receiving funds from a credit card similar to anyother e-transaction. In addition, if the charger or access device isweb-enabled, the device itself can report back that the charging tookplace or the access was allowed. Since the digital token or certificatehas a reserved charging time, the certificate will die automatically acertain number of minutes or hours after that time in that the chargeror access device will no longer allow access based on itstime-of-day/date clock.

DESCRIPTION OF THE FIGURES

Attention is now directed to several illustrations that show some of thefeatures of the present invention.

FIG. 1 shows a flow diagram of a reservation and charge from aweb-enabled charger.

FIG. 2 shows an embodiment of a digital token or certificate.

FIG. 3 shows a similar flow diagram to that of FIG. 1, except that thecharger is not web-enabled.

FIG. 4 shows the flow with a web-enabled hotel room lock.

FIG. 5 shows the flow of FIG. 3 with a hotel room lock that is not web-enabled.

FIG. 6 shows a block diagram of a charger that might be used with thepresent invention.

FIG. 7 shows a block diagram of an embodiment of a smart phoneapplication.

Several illustrations and drawings have been presented to aid inunderstanding the present invention. The scope of the present inventionis not limited to what is shown in the figures.

DESCRIPTION OF THE INVENTION

The present invention allows reservation and activation of an electricvehicle charger or an access device like a hotel room lock from awebsite via a digital token or certificate sent to a cellular telephoneor smart phone.

FIG. 1 shows a flow diagram of an embodiment of the present invention. Awebsite 12 is hosted on a server 15 that communicates with the Internet1. An Internet terminal device 2 such as a laptop or smart phone hascommunication with the server 15, browses the site 12 and initiates areservation request 3 for charging or access. The website can be eitheropen or secure. If secure, then generally a password is needed to accessit. Communications security protocols such as https or IPSec may be usedin any part of the system of the present invention.

The website 12 or server 15 can contain information about differentservices available including the location of possible vehicle chargers6. The website or server will generally have a database which lists allchargers/locations (including possible maintenance closures) and allcurrent reservations along with their status. The user can select wherehe wants to be charged or can be directed to the nearest charger in thesystem. The reservation 3 can be let for a certain time when chargingwill begin on a certain date. The user can also supply any parametersconcerning charging necessary such as voltage/current requirements, timeneeded and the like.

After all of the information is gathered, the website causes the server15 to send a particular digital token or certificate (a “reservationcertificate” 5) to a particular portable terminal, e.g., a cellulartelephone or smart phone 4 that the user specifies (which may the phonebeing used to make the reservation, but it does not need to be). All orpart of the digital certificate may be encrypted with a public key forwhich the private key counterpart is known to only one charger or accessdevice. Similarly, all or part of the digital certificate may beencrypted with a symmetrical key, known to both the server and thecharger. All or part of the digital certificate may be encrypted with aprivate key known only to the server, but for which the public key isknown to all compatible chargers, whereby the chargers can authenticatethat the encryption was performed by the server. The certificate cancontain a unique charger ID code for the target charger 6 or device, thedate/time the certificate is issued, the date/time the charging issupposed to take place, the charging parameters, the charging timeallocated, a new charger ID code that will replace the old ID, andoptionally a new encryption key. Additionally, the certificate cancontain communication information necessary to contact the device whenin proximity to it, as discussed below. It is also possible that variousportions of the message can be in plaintext. This makes it easier for adevice to determine if any of many messages is for it without requiringdecryption of every message. In this case, part of the certificateshould include a hash of portions of the plaintext that would otherwisebe exposed to tampering. The hash can then be encrypted by the server(e.g., with the server's private key) so that a charger or device isable to determine the authenticity of the certificate (by decrypting thehash with the server's public key and comparing that hash to onecomputed from the plaintext).

The charger 6 (or access device 11, shown in FIG. 4) may be Internetcapable, having connection 10 to Internet 1, or optionally it may beunconnected to the Internet 1 (as shown in FIG. 3 and FIG. 5 with noconnection 10). As the cellular telephone 4 approaches the charger 6 (oraccess device 11, shown in FIGS. 4 & 5), a wireless technology such asBLUETOOTH, Wi-Fi, Zigbee, infrared, or other wireless technique can beused to communicate with the charger or access device.

The charger may use these wireless techniques in a manner that does notadvertise its presence, for instance, the BLUETOOTH service may notannounce itself. In such cases as these, the application on the smartphone uses a predetermined communication setting, or obtains theappropriate communications settings (such as the network SSID,passcodes, IP addresses, Bluetooth ID, etc.) needed to contact thecharger. In fact, with certain information (e.g., the Bluetooth ID) willallow the application to identify and communicate with a specific one ofmany chargers in proximity.

After a short communications handshake, the digital token or certificate5 is sent to the charger or access device by short-range wireless. Thecharger 6 decrypts the certificate, if encrypted, reads the uniquedevice ID, and decides if it is the correct device. If so, it reads thereservation time. If the reservation time approximately agrees with thetime of day read from its internal time-of-day/date clock 8, it thendecodes the charge parameters or access parameters, if any, and allowscharging or access to take place. FIG. 1 shows a vehicle 7 beingcharged, and it shows the charger 6 with a time-of-day/date clock 8 andan optional GPS receiver 9. If the charger contains a GPS receiver, itsidentification can be by location, provided the charger has GPS access.This generally requires clear sky. The known coordinates or location ofa charger can also be entered during installation, either from a map orpredetermined table or from a GPS carried by an installer. If thecharger 6 or access device 11 is Internet enabled (i.e., havingconnection 10), it can communicate with the website application vialong-range wireless such as cellular or by wire access, or it cancommunicate with an Internet access point by Wi-Fi or the like.

FIG. 2 shows a sample certificate 14 (one embodiment of certificate 5)containing several fields of data representative of the reservation:

In some embodiments, one field is provided that can associate thecertificate with the charger, such as a device identification (DeviceID) of the charger 6 (so that the charger will have some suggestion thatthis is a message for it;

Start Time: this can be in plaintext so that the smart phone applicationcan read it also;

Duration/End Time: if the reservation is not just for a predeterminedtime like all day for example;

Service Type: for example level 1 charging vs. level 2, if the chargersupports multiple services.

For security, in some embodiments, the first portion of the certificatecan be hashed, and the hash encrypted using the public key of thecharger. Upon receipt by the charger, the hash is decrypted using theprivate key of the charger, and the hash result compared with thecharger's internal hash calculation. If the two match, then nobody hasedited the reservation and the certificate may be trusted as authentic.This is safe unless someone cracks the key of the charger. In that case,only one charger 6 is affected. An alternative embodiment may use asigned hash or checksum. Here, the hash is computed as above, thenencrypted with a private key held by a trusted authority such as thewebsite.

Upon receipt, anyone, including the smart phone and the charger, can usethe trusted authority's public key to decrypt the hash and compare thatto the hash they run. This method is safe unless someone cracks theprivate key of the website. In still another embodiment, aSigned-then-Encrypted Hash/Checksum is used. Here the signed hash isencrypted so that only the charger can read it. This way, the privatekeys of both the charger 6 and the website server 15 need to becompromised, and then only that charger is threatened.

The certificate 14 can contain a certificate ID that is unique only tothis certificate that can be used for tracking and debugging. Thedate/time the certificate was issued, again for tracking and debugging,a unique device ID of the target device, the reservation start time andduration, any charging parameters needed, an optional new device ID forthe next session and an optional new decryption key for the nextsession.

When charging or access is complete, the charger 6 or access device canupdate its ID to the new ID supplied by the previous certificate andoptionally update its decryption key (if encryption is used). If thecharger is Internet capable 10, it can notify the website 12 that thecharging is complete or that the changeover has taken place.

FIG. 3 shows the flow of FIG. 1 with the charger 6 not having Internetaccess. FIG. 4 shows an Internet capable access device 11, in thisexample a hotel room lock, having connection 10 to Internet 1, whileFIG. 5 shows an access device 11 (again a hotel room lock) that cannotcommunicate over the Internet. In the case of a hotel room, a roomreservation can be made using an Internet-enabled cellular telephone 4,laptop 2, computer or other Internet device. The room can be paid for inthe usually e-commerce way by credit card or by any other paymentmethod. The digital token or certificate is sent to the smart phone 4,and the user is told the external room number. As the guest approachesthe hotel room door, the smart phone 4 sends the certificate 5 to thelock device by way of short-range wireless like BLUETOOTH. The user canthen unlock the door at any time during the stay period by pressing aparticular button on the phone or by other technique. The phone canre-send the unique (and secret) access device ID to the device so thatthe device knows it is the correct person each time access is requested.

FIG. 6 shows a block diagram of a charger system 60 that is anembodiment of the charger of the present invention. A processor 16 istied to a communication module 17 that performs short-rangecommunication with a cellular telephone or smart phone and allowscertificate 5 to be transferred from the cellular/smart phone throughprocessor 16 to a storage module 19. The processor 16 or storage module19 may comprise the private key for the charger 6 and/or may store apublic key (e.g., of server 15) to verify digital signatures (e.g.,those made with the server's private key). The storage module 19 can beany type of disk, memory or mass storage device. A clock 8 and/or GPSreceiver 9 are also connected to the processor 16 to provide the currenttime. The processor 16 directly controls access to a charging element 6,i.e., enabling charging element 6 when a currently certificate 5 hasbeen presented, and disabling charging element 6 otherwise. An optionallong-range communication module 18 can communicate with the Interneteither by placing a cellular telephone call or with Wi-Fi or the like.

Optionally, the application on a smart phone 4 can energize short-rangecommunication when the local GPS in the phone indicates that the phoneis near the target charger 6. The smart phone can also optionally signalthat the vehicle needs a charge, or that a particular charge reservationtime is approaching. The system of the present invention can alsooptionally track motorists' visits and purchases at retail stores in amall or shopping center, and have automatic credits that can be added tothe smart phone good toward future vehicle charging paid for bymerchants as an incentive to purchase from their stores.

In US Patent Application Publication 2007/0008181, Rollert et al. teacha “System and Method For Optimizing the Utilization Of Space,” primarilyparking spaces, by allowing a reservation to be made through theInternet. FIG. 7 shows how the present invention represents animprovement to the system and method of Rollert et al., enabled by asmart phone application that could, for example, run on an iPhone byApple, Inc. of Cupertino, Calif. or other smart phone. Such anapplication would have a various screen views for performing suchfunctions as making a new reservation, examining current reservations,and maintaining the patron's account. Some portions of the applicationrequire connectivity to the Internet to operate, but other portions mayoperate based on locally stored information. A few related operations,including examining current reservations, should be able to operatewithout Internet access, as the user may require immediate access tothese operations, but be in a location such as in a parking garage whereInternet access such as cell communication or Wi-Fi may not be provided.

In the diagram of FIG. 7, a main application view 20 is shown to offerthree options: New Reservation (for creating a new reservation), CurrentReservations (for examining and using reservations already made), andAccount Info (for creating and editing appropriate account information).FIG. 7 shows a smart phone application block diagram for an embodimentin which Internet device 2 and smart phone 4 are the same device: Inanother embodiment, the reservation-making portion of the applicationmay run on Internet device 2 and the current reservation portion of theapplication may run on the smart phone 4.

The patron would have selected the Account Info 21 at least once tocreate or otherwise associate an account with the patron's smart phone4. An account may have associated payment preferences and perhapsacceptance of legal agreements. Payment preferences might include acredit card account, or a bank account. Another payment preference wouldprovide permission to pre-charge a patron's credit card or bank accountand subsequently allow the system to operate using micropayments madeagainst that pre-charge amount. The parking reservation server 15 (orweb site 12) or another server with which it has communication (notshown) would maintain the micropayment accounts for each patron andapply their funds to charges for parking. The micropayment accountswould be settled daily or with a different period, or whenever thepre-charged amount has been consumed.

Once the patron's account has been enabled, the patron can access theviews for creating a new reservation.

The New Reservations 23 screen accepts a start-time, an end-time (orduration), and a destination.

Required amenities can be selected, including for the present invention,available charging for an EV (which may further include a selection forLevel 1 or Level 2 charging, for instance). The destination may be anactual parking location, but more commonly (and as illustrated herein)it is the patron's destination for which nearby parking is sought.

As with each screen in this diagram other than the Main view 20, thereis a ‘back’ arrow 22 atop the screen including the New Reservationsscreen 23. The back arrow 22 is a user interface element that permitsthe patron to move back up the hierarchy to access screens and theirinterfaces higher up.

Once a destination has been entered into the New Reservation screen 23,the user may be presented with the Destination Map screen 24 showing amap with the destination marked and parking spots nearby shown andselectable. The spots shown may be only ones having the stated amenitiesand that are available to be reserved for the interval entered such asbeginning from the start-time and available for the duration or untilthe end-time. Current information regarding parking spot availabilityrequires communication with the server responsible for maintainingreservations for that spot, which may be server 15, web site 12, or someother server.

Alternatively, the spots may be shown in a list, which may be sorted bytheir distance from the indicated destination, or by price, or acombination thereof.

The patron selects a parking spot, whether from a corresponding markingon the map, or from the spot list (not shown). Once selected, the SpotDetail screen 25 is shown, which includes information such as location,pricing, detailed amenities, and perhaps a picture of the specificparking location (or one representative of it).

If the patron does not like the parking spot presented, the back buttonsallow returning to screens earlier in the interaction to make differentselections, e.g., to choose a different spot or alter the start-time,etc.

If the patron does like the parking spot presented, he can confirm thereservation 26, which initiates a reservation request to the server.Upon successfully obtaining a reservation for an EV charging enabledparking location, the server in response can provide or authenticate 27a reservation certificate 5 to be stored in the smart phone 4. Forinstance, in one embodiment, reservation certificate 5 comprises datarepresentative of the reservation encrypted with the server's privatekey. In another embodiment, reservation certificate 5 comprises adigital signature by the server that authenticates data representativeof the reservation. The completion of the reservation transitions thepatron to a different region of the application screen hierarchy, andinstead of being in the ‘new reservation’ branch (23-26), the interfacejumps to a location in the ‘current reservations’ branch (28-31), suchas the Reservation Detail page 29, showing the reservation just made.

Another way of getting to the Reservation Detail screen 29 begins backon the Main application view 20 when the patron selects the currentreservations option. Upon doing this, the Current Reservations List 28is shown, which lists all pending parking reservations, for example inorder of the date and time at which the reservation starts. Besides thestart time, each entry in the list should show some additionalinformation to remind the patron of each instance, for example thedestination may be presented.

Upon selecting one of the reservations from the Current ReservationsList 28, the corresponding Reservation Detail screen 29 is shown,listing the same details that were selected and known when thereservation was made. Clicking on the destination entry on this screencan bring up a Spot/Destination Map screen 30, showing the location ofthe parking spot with respect to the destination.

The Reservation Detail screen 29 also presents a connect option todirect the smart phone application to attempt communication with the EVcharging system 4 (or other parking spot amenity system or access device11, e.g., a hotel room lock) and to provide the reservation certificate5 to the charger 6 or device (11), thereby enabling it 32 for theinterval of the reservation.

The Charger Enabled screen 31 can be used to monitor the connectionattempt and confirm activation resulting from a successful connectaction, and may also initiate a timer (not shown) on the smart phone togenerate an alert as the parking interval is about to expire.

Several descriptions and illustrations have been presented to aid inunderstanding the features of the present invention. One skilled in theart will realize that numerous changes and variations are possiblewithout departing from the spirit of the invention. Each of thesechanges and variations is within the scope of the present invention.

What is claimed is:
 1. An access device for use in an access control system, the access device comprising: a processor (16) having control of a door lock (11); and a communication module (17) connected to the processor, the processor able to receive a reservation certificate (5) presented by a portable terminal (4) through the communication module; wherein the processor activates the door lock when a current reservation certificate has been presented.
 2. The access device of claim 1 wherein the processor activates the door lock for up to a predetermined duration.
 3. The access device of claim 2 wherein the predetermined duration is all day.
 4. The access device of claim 1 wherein the reservation certificate comprise data representative of a duration and the processor activates the door lock for up to the duration.
 5. The access device of claim 1 wherein the processor has access to the current time, the reservation certificate comprises data representative of an interval of the reservation, and the processor activates the door lock during the interval.
 6. The access device of claim 5 wherein the interval is specified by a start time and one of an end time and a duration.
 7. The access device of claim 1 further comprising: a memory to which the processor has access, the memory containing a public key for a server authorized to issue the reservation certificate; wherein at least a portion of the reservation certificate is encrypted by the server using a private key and the processor verifies that the reservation certificate is genuine by decrypting the portion with the public key.
 8. The access device of claim 1 further comprising: a memory to which the processor has access, the memory containing a symmetric key; wherein at least a portion of the reservation certificate is encrypted by a server using the symmetric key and the processor verifies that the reservation certificate is genuine by decrypting the portion with the symmetric key.
 9. The access device of claim 1 wherein the processor verifies that the reservation certificate is genuine.
 10. The access device of claim 1 further comprising: an identification to which the processor has access, the identification corresponding to one of the access device and the door lock, wherein the processor determines that the reservation certificate comprises data representative of the identification.
 11. The access device of claim 1 further comprising: a memory to which the processor has access, the memory containing a private key of the access device; wherein at least a portion of the reservation certificate is encrypted by a server using a corresponding public key for the access device and the processor decrypts the portion with the private key.
 12. The access device of claim 1 wherein the processor has access to a server through the communication module and the processor reports to the server that door lock was activated on the basis of the reservation certificate.
 13. A method for use by an access device in an access control system, the method comprising: a) accepting, by a processor through a communication module, a reservation certificate presented with a portable terminal; b) determining, by the processor, that the reservation certificate is current; and c) activating, by the processor on the basis of the reservation certificate being current, a door lock.
 14. The method of claim 13 wherein the certificate is current for up to a predetermined duration.
 15. The method of claim 14 wherein the predetermined duration is all day.
 16. The method of claim 13 wherein the reservation certificate comprises data representative of a duration and the certificate is current for up to the duration.
 17. The method of claim 13 wherein the processor has access to the current time and the reservation certificate comprises data representative of an interval of the reservation, and the certificate is current for up to the interval.
 18. The method of claim 17 wherein the interval is specified by a start time and one of an end time and a duration.
 19. The method of claim 13 wherein at least a portion of the reservation certificate is encrypted by a server using a private key for which the corresponding public key is stored in a memory accessible to the processor, wherein the b) determining by the processor is further that the reservation certificate is genuine on the basis of decrypting the portion with the public key, and the c) activating is on the further basis of the reservation certificate being genuine.
 20. The method of claim 13 wherein at least a portion of the reservation certificate is encrypted by a server using a symmetric key stored in a memory accessible to the processor, wherein the b) determining by the processor is further that the reservation certificate is genuine on the basis of decrypting the portion with the symmetric key, and the c) activating is on the further basis of the reservation certificate being genuine. 